What the vulnerability does
01Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wealcoder Animation Addons for Elementor animation-addons-for-elementor allows DOM-Based XSS.This issue affects Animation Addons for Elementor: from n/a through <= 2.6.1.
Explanation of Vulnerability in Simple Terms
02Summary
Animation Addons for Elementor versions 2.6.1 and earlier contain a stored cross-site scripting (XSS) vulnerability. An authenticated user with low privileges can inject malicious scripts into animation settings. When other users view pages containing the affected animations, the scripts execute in their browsers, potentially compromising their accounts or stealing data.
What an attacker can do
03Attacker Capabilities
Inject malicious scripts that execute when other users view pages with the affected animations.
Potential impact on your site
04Site Impact
Site visitors' accounts and data are at risk if low-privilege users can inject scripts into animation settings.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege account on the site and the victim must view a page containing the malicious animation.
Key dates
06Disclosure timeline
April 8, 2026
CVE published
April 29, 2026
Record updated